search for: configuring_sssd_with_ad_serv

...ssd? (which I haven't yet investigated, to be honest) > > You could try sssd, this has a backend like the winbind backend and will > also work on the DC (well it did the last time I tried it, which was some > time ago) . Thanks! I'm looking at https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server at the moment. Looks like I can either use 'net join ...' (which I suspect won't work when I'm running it from my DC already, with its existing DC role smb.conf), or manually grab a Kerberos ticket somehow. One of the steps for that is ''ktpass /princ host/..." but I...

I have a few RHEL7 boxes, all of them are members in MS Win domain using SSSD. All of these linuxes run Samba for file sharing with the same config. Usually it works nice, but from time to time users cannot map Samba folders, with the following message in the log: [2017/03/07 14:58:27.050493, 0] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)

...to automate the join, you can do a "net ads join -UAdministrator%password". In theory you could do this with a kerberos keytab as well, using kinit with the keytab file, then a "net join -k" (possibly "-k yes"), as described here https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server However, I seem to recall not being able to get "net join -k" to work last time I tried. I'm also not sure that distributing keytabs for adminsitrative accounts is any better than using a password. > Or maybe if it's possible, create computer accounts in Samba with >...

Hello, I suggest you start reading here: https://fedorahosted.org/sssd/wiki/Configuring_sssd_with_ad_server and if you want to use winbind and not sssd. read : https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member Now i dont use sssd and there is an other mailing list for sssd, ( sssd is not related to samba (yet) but my guesses are.. - your keytab is expiring and not refreshed....

On 10/09/2016 12:14 PM, Rowland Penny via samba wrote: > I would like to take you to task over 'winbindd which is adequate for > my purposes'. Anything that sssd can do, winbind can do, in fact sssd > uses some of the code from winbind. I should say one more thing. If you have a URL of a good, recent guide I will give it a try again. I want to move to hardware running CentOS 7.

Hallo, it ist possible using samba with authenfication over sssd? I have two different openLDAP-server on different places. Each give logins for ssh, su, samba and many other thinks. In samba I use passdb backend = ldapsam:ldap://... The uid/gid-numbers differ, that by merging no overlapping exist. Now I try using sssd and it work fine for su and ssh (over nsswitch and pam). It enable logins

Le 31/03/2016 11:44, Rowland penny a écrit : > On 31/03/16 10:04, Service Informatique IF wrote: >> Hi, >> >> I'm trying to use wildcard in keytab because i don't want join every >> computer, client for service NFS krb5. >> >> I add a spn like this >> >> # samba-tool spn add host/* nfs >> >> (I create user nfs before) >>

https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC <https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC> > On Sep 3, 2016, at 7:59 AM, Fosiul Alam via samba <samba at lists.samba.org> wrote: > > Hi Both > Thanks > > from Samba4 side i need this help, I can see that sshd has this option, can > you

Thank you Rowland, that clearly explains why it isn't working for me. Appreciated. I was trying to achieve my goal of having two domain controllers for redundancy, without having additional physical machines - it looks like I'm now in the same boat as the other current thread ("Domain controller in a chroot"), which is unfortunate! :( My scenario is that I have one ESXi